Adding a repository will only allow the external machine to perform updates, I'm afraid - it won't be enough to allow the client machine to connect to ePO.
If you have an externally-facing IP address for the server then you could certainly add a DNS record for this - the external machine will then try to connect to the "real" IP address of the server, fail, do a DNS lookup on the "real" FQDN and be given the external IP address, and comms will then succeed.
Generally though exposing the ePO server to the outside world is something we strongly recommend against. A more secure approach would be to put an agent handler in a DMZ environment and allow the external machines to use that. (This is one of the exact scenarios that agent handlers were designed for.)
thank you for your answer. I came to the same conclusion.
In fact I already have an old architecture based on ePO 3.6 facing internet with a DNS record, so I think I'm gonna do the same ePO 4.5.
I'm not familiar with agent handlers and I know it is a better way.
In my understanding an agent handler is simply a new ePO server instance right?
So if I follow this recommandation, I'll have 2 ePO servers to operate, one dedicated for the remote users and one dedicated for my internal users.
I'm going to read the documentation, if I can install a remote agent handler on an existing server in my DMZ, it would be perfect.
You won't have two servers to operate - only the one
I would very strongly recommend reading the Agent Handler White Paper, found here - it's pretty much compulsory reading for anyone considering an AH deployment.